InfoLawUpdate - Data Retention Regulations in Force

The Data Retention Regulations 2014 came into force on 31 July 2014. The Government has opted for the introduction of more robust safeguards with a view to ensuring that any interference with privacy rights is proportionate and otherwise justified.

Some noteworthy points in respect of the new safeguards are:

The Regulations themselves do not purport to identify the types or categories of data which should be retained for less than twelve months. They simply say that twelve months is the maximum retention period. This leaves a significant question as to what types of data will ultimately attract a shorter retention period. It could also encourage a blanket indiscriminate twelve months retention period for all types of data.
The Secretary of State has to take into account a variety of matters before issuing a Retention Notice, one of which is the likely number of users who will be affected by the Notice.
The Secretary of State must keep any Retention Notice under review.
There is regulatory provision for a statutory Code of Practice on Data Retention to be issued by the Secretary of State.

We will report further when the proposed Statutory Code of Practice is issued.